Microsoft vulnerabilities leaking out
Tuning in to the Security Focus web site this morning I came across a disturbing article which reports of security holes in Microsoft products already being demonstrated as a direct result of last month’s leak of source code:
“The first new security vulnerability to emerge from last week’s Microsoft source code leak crossed a security mailing list over the weekend, reigniting debate over the seriousness of the leak. The vulnerability affects Internet Explorer 5 and various versions of Outlook Express. It was unearthed in code the two programs use to process bitmap image files, and affects the software on several versions of Windows, including 98, 2000 and XP. While some systems appear to be immune to the glitch, a proof-of-concept exploit that was posted to the Full Disclosure mailing list crashes Outlook Express 6 on Windows XP systems. Service Pack 1 appears to correct the vulnerability.” The full article is athttp://www.securityfocus.com/news/8060. This is a good site to bookmark and visit once in a while.
Another great article by Security Focus columnist Scott Granneman is at http://www.securityfocus.com/columnists/220, a step by step checklist for securing most Windows based home computers. This one is worth printing out, physically checking off and keeping for your records. You can also save the article to your computer as HTML in Internet Explorer by using File/Save as. The reason I recommend this is because there are many useful links in the body of the text to additional information and services that can not be printed.
Norton Antivirus review.
Up until very recently I had been a happy user of McAfee AntiVirus 4.51 SP1. Their scan engine was very fast, updates very easy to find and install, it never bogged down performance to the point of intolerability and it always caught the bug before it got onto my hard drive. So what happened? Microsoft Outlook Express happened.
As a consequence of switching Internet Service Providers from Comcast Cable to SBC/Yahoo! DSL, my former Eudora email client became too difficult to manage multiple email accounts with. Comcast does not require customers to set their email clients to password authenticate SMTP mail service (the service you use to send email) because it’s assumed that the only way to use their servers is to connect directly from the home using your cable modem. By virtue of this you’re already authenticated. SBC/Yahoo! does require you to configure the SMTP Authentication which Eudora does not handle well. If all you have is one or two email accounts then Eudora might still be a good choice for your email software. But juggle half a dozen accounts plus those of your family and try to explain to them why they have to do certain things a certain way and you quickly realize it’s never going to work.
It’s not all bad, though. One benefit I discovered is password authenticated SMTP allows me to easily send email from my computer while connected to any public and/or wireless computer network which are popping up everywhere these days. You see them at airports, Internet cafés, trade shows and hotels just to name a few.
So, as reluctant as I was to use a Microsoft product for my email and possibly expose my computer to computer viruses I was previously immune to, I simply could not ignore the logical way SMTP auth is configured for each email account making it a transparent transition for my family as well. And to be frank, I do like the Microsoft user interface.
What does any of this have to do with Antivirus? When I switched to Outlook Express and set up all my Identities and accounts I later discovered that McAfee would no longer scan my inbound email! This is a known bug in 4.51 for which there is apparently no known solution. So I went through my software cabinet and dug out a bundled copy of Norton Antivirus 2003 that came with one of my Dell’s, installed it and took it for a test drive.
This is going to be a very short review. The user interface is logically organized and installation was “paint by numbers”. The first thing it want’s to do is update itself after installation which is to be expected. Overall, though, the installation went very slowly and a full system scan takes forever! Run it at night when you go to bed and maybe it will be done in the morning. Just maybe.
With Autoprotect turned on (scans everything all the time) system overhead is very high meaning it bogs down performance very noticeably. Since email scanning is separate I disabled Autoprotect. Even the email scan adds quite a bit of wait time when getting and sending email. But in the interested of protected personal information, some may consider this to be a valid sacrifice.
Supposedly, the LiveUpdate utility updates all components of the NAV program including the LiveUpdate utility itself. This could not be further from the truth! The only way I discovered it was to visit the Norton web site and use their Automated Support Assistant which examines your computer for the latest versions. Just imagine my surprise when after running LiveUpdate only seconds before that the Support Assistant warned me of an out of date LiveUpdate! I don’t know about you but I find loopholes in security like this totally unacceptable.
Prior to finally getting the latest LiveUpdate version I was also able to retrieve email from the server with Netsky.P email viruses attached. They slipped in completely under the NAV radar screen. Granted, NAV did detect the virus once I tried to open the attachment but as far as I’m concerned, the virus should have never even gotten that far. This product is supposed to be able to scan compressed attachments. In this instance it failed miserably.
This concluded my testing of Norton Antivirus. I now know enough about the product to know I don’t want it any longer. In my next newsletter I’ll be discussing the newer version of McAfee. Are there others besides McAfee and Norton? Sure, but having been doing it the longest, I still trust McAfee above all others to be absolutely the best defense against computer viruses. Hopefully their newer versions addresses the Outlook Express bug. I’ll keep you posted.